d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5

Analysis

max time kernel
133s
max time network
177s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
05-07-2024 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
Size

574KB
MD5

82267a649aa0a1dbaea09a422f292fdf
SHA1

f24dd169c52754e21d261e173327313ad66518ca
SHA256

d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5
SHA512

0ec7a1a74d98274c984506119fb3c8faefb6c530995f3b667b0658b30dda9ced5b9200a3b2df9addffdefe1605e6ea58042389af99b2f30def7c5417b96bf93a
SSDEEP

12288:aNSDw+uaAoPekatn0k661r5lMZRgJtxgKH3obMITiyLU4:XDu+ex0k661tlYctxJgg4

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.cover.the.dumb.roll:Metrica

ioc process

/sbin/su com.cover.the.dumb.roll:Metrica
/system/app/Superuser.apk com.cover.the.dumb.roll:Metrica
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.cover.the.dumb.roll

pid process

5059 com.cover.the.dumb.roll
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.cover.the.dumb.roll

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.cover.the.dumb.roll
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.cover.the.dumb.roll

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cover.the.dumb.roll
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.cover.the.dumb.roll

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.cover.the.dumb.roll
Reads information about phone network operator. 1 TTPs
discovery

T1422

ioc	process
/sbin/su	com.cover.the.dumb.roll:Metrica
/system/app/Superuser.apk	com.cover.the.dumb.roll:Metrica

pid	process
5059	com.cover.the.dumb.roll

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.cover.the.dumb.roll

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cover.the.dumb.roll

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.cover.the.dumb.roll

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.cover.the.dumb.rollcom.cover.the.dumb.roll:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.cover.the.dumb.roll
Framework service call	android.app.IActivityManager.registerReceiver	com.cover.the.dumb.roll:Metrica

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.cover.the.dumb.roll:Metrica

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.cover.the.dumb.roll:Metrica
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.cover.the.dumb.roll:Metrica

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.cover.the.dumb.roll:Metrica
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.cover.the.dumb.roll

description ioc process

File opened for read /proc/cpuinfo com.cover.the.dumb.roll
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.cover.the.dumb.roll

description ioc process

File opened for read /proc/meminfo com.cover.the.dumb.roll

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.cover.the.dumb.roll:Metrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cover.the.dumb.roll:Metrica

description	ioc	process
File opened for read	/proc/cpuinfo	com.cover.the.dumb.roll

description	ioc	process
File opened for read	/proc/meminfo	com.cover.the.dumb.roll

com.cover.the.dumb.roll
1⤵
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5059

com.cover.the.dumb.roll:Metrica
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cover.the.dumb.roll/files/m
Filesize
12KB

MD5
5dfe389461dfde8646b3a610515a4d71

SHA1
deac69958bbb97a048096cefe89b17f5770712a0

SHA256
d2ac0e3c663dc0bfee815e9f7ffc0dbb63db2e8caacdf53f0102a0d6d02ee753

SHA512
88dc0c722d9b900174b4d233cd1c6a1e144bff5b871228e4d3b703a5f1c52173d623eef68aace2e804822bee2fec95f4444cddcc76a73f2c7af58148a4b599d0

Download Submit
/data/data/com.cover.the.dumb.roll/files/m
Filesize
12KB

MD5
9f80af715526a1f38713041d465116cf

SHA1
75aad5ffcb2db62a08e46e7e91d2653cf9c9c7e0

SHA256
fa1c05bcdb89d53880c23e73b4e72dfbd9128d17dba0cb7ee42a78be0ee9a81e

SHA512
87a9105016c058eab8dd13240ba8e1d3a5e29d4533ee87d67fe5016e13573fbb443062ae459ed8a50ae796dd6019bb1bf5711f73f78cc892eb3cfab62a3aed85

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/credentials.dat
Filesize
226B

MD5
ed12dedc93d21e7bd1d28227d7f1b097

SHA1
405f415ff42bff5165cefafcd565cdd751254307

SHA256
5d0ba9f86079fc4f39e902e4db2d8e8c1f85c6cfb2e09dc23646de074faf928e

SHA512
b569795a388c5ca78e61626409ff59f5c5d27f0d6bcea93d35f5ae0c16f37326f43f02a66add759e4023204c6b9c5f5b28b4b4a5433211454a9fa23a1841692d

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll
Filesize
36KB

MD5
6396afc07d2ad1c1212f749673524403

SHA1
74169aa821ba03d2edc01b5dfbfb10ebfd63fe2c

SHA256
a6b97f842fb441403c6f24955cd5a266a68bc10eff2db4ea4d8a226a0b5fafe2

SHA512
584892406f25307a339a0aef7159c75a86670afc97b52f9eb21ad7330f315db1d50781abffde27ccb040d8ad47753d30254f19e8d8427bb60cc0ea8f9a691458

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
Filesize
20KB

MD5
193f5f607db44880d8ab20dcd416bb01

SHA1
a6be073120b40e787cc4bb942d66f6b697ad766d

SHA256
6b8c685177acc2a7e8b6ad5ce501fd4bf703817d8f8f28db1dd0a0d45f16301d

SHA512
d8aa6f27aa0fa0d52a50c40bf17f1a057d38781bb50b33ed56ad05d6dc22449b5039c45c0db567bd8d9fb34144d323ab5bd328e55f63b707b2e20e5696b87a93

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
Filesize
20KB

MD5
d3d099d116f484591b39adc2c9ea7df5

SHA1
236dba104ca7f9877fc6d40dee192d1966c78753

SHA256
66ae42b7b657bc2bb48955c9bd1a05c9e58bf30da98502b2fdf5e0f97ac21e59

SHA512
1f7e95726781d0eed226480958eee0aafbe7fa1343e33519edfc247512528c41aaadf063e1fb8de60696effd3e6cb5b605eba16b5fa1b49597e0959f42316e9c

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
Filesize
8KB

MD5
366e569053cb044fa389c92383b8341b

SHA1
21d7467985ce8eac005a1d485c7660b4c6db2dc1

SHA256
a4b522e2a3aa4293c849e20eb34dbece45d87503eb24231c5666376bc9409675

SHA512
f828dbc1eff978e296d75d2425630059fddd1a6e2629ed484e49c382066a134eb72450f54a1e318e33d5781c7b9a3005630704e42a38b3ec6351eea46215150b

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
Filesize
12KB

MD5
fd4044e274f694e464ed13b04a25794b

SHA1
1ba285de9ab9d8d967033ee93de67fb28949acc6

SHA256
738a43753d601bef7a604c2fbf001ec371e066c1eff1235ac690ae8d82d6eec1

SHA512
69bbef42a0dc57a48e8154450f9bc3b0b8072cdbfd989915d437bfb8b33c2ff78ca04c97ce0f719a35cd9d7ec6153ac14a5581446340be752c87e48f7290db34

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
Filesize
12KB

MD5
6f0af01d30f842264484d35eccc80137

SHA1
0554fed1301f55e8bbe3804dd50f9903ce905f8a

SHA256
d1153d2cf34904750ef7758457d9de0081f65c3a5f49155ed57b05b9041bfc3a

SHA512
aabf3216991a516e21b8612ce8abebcbd1130b34a0b5f57e8a015fcd3439e7e066a7dadd42d20c283747cefd19d955fe1deecb67c0a83b5a56516ff011827c87

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
Filesize
12KB

MD5
82585dccb0c6fb72b46467a8a481679c

SHA1
16dc8c08279dc9580e7a4049d8f10a6e1c7e33c9

SHA256
176f34dc9490ff18a2221fe4ab2e30ac122594c369d9ef922ae9418e6ffddb9c

SHA512
2c3aa26a07d59d95eb69767a65c8cffc2118c97eed8d6b2644fcd274ef2c1e536032d6763c0f55c54f919962851d38a7b6176c7f2c7d8d149d8feaf80d50b2b8

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB

MD5
d80d53444fdc8a7593c7e10de3ef2842

SHA1
632d7b12b82d0fbf9c13e9e128ffd5f325e9a2a4

SHA256
bb4ef68b79c50133a232ab05f48b5e788b2eca2b0764b1d2286f1888dfafe2a0

SHA512
edecad5c3be22320c6c909ce62f1a55ae77d37873fa539c961e2148ad834cff64c557d5b58dced4ff8fd87f66e3a520977d5e432e3e7471f232ae8703382b0cf

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
5b147aadc9d76109cac8c73e2d174c78

SHA1
23d4426aa47237bc64c411a56b084b2a80bd2965

SHA256
9e8e69f02cb15c746e519fff236ee913c0a78cd316f6ff2324fde9aa5eaedfd7

SHA512
5064cd97ee40dc488486f2e72329a6cb7ae7e019cf0f14f76fee95ed0c99b8596dddd4151657aa71cc58ad0ebf891f2c1312620decb1d2c38af22ab013af24db

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
c55249e7ffc64232908b996a1ddf127a

SHA1
4a0a9eb1be4835afc470492ec2edb11b924d5ff5

SHA256
42347dd900778ef077db1321d60b952644afa563bb983ada8d1dd035a1e2507a

SHA512
3a3416c9c899c9e601e35b5436be86913f5e7e39651b26c4c4d41436ac5cd3ed114d6d604b4f3b8753d4bcb780921191aeeb75a49b503537ab8ec543d06beb95

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
ac7f9da9da7ab79a265a6e6aaad15c1e

SHA1
d05b6aad79affa91f6937f89f0cdc8ff4d1ad66c

SHA256
ddda61dbff6088f158e96f2a22955b9c9a625aff522a68ce0595bfbbe8d43eca

SHA512
c2b023a00549aaa938e402a30c0193876003c6b6ffed84cd399faa2570c32910ac0b8a3c13b3c8051377f71cbb9c728c0ee8ef2cf738cfae6fc39eefa8282e80

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
bd0c327ea3fac1d85960edbe0c285396

SHA1
468c3443f29f6e3a3bbaab2c1463b3705f12e2ac

SHA256
52df7131b4abefad451f173933d51aebadd0b556da92c5019ea4102ac2b6107a

SHA512
16832cf5aa0dba9764717b9304175ec37af78ec8e597cf34fd3f26765f1a56ca321e52a3ca273fb96489cd21cc98a7fd903e7442770ecac7490dc8fcc23dbfa7

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
4d7404eac73c627d879d5addd7a85146

SHA1
f7e55c9d2c54f1abd93f11bba83d1de6f4a9ffc6

SHA256
70189c1bfe16a52d601a6ab5b794e30c8016bef4eebb7de473820497eccc62b2

SHA512
1900f7945a95ec75b1ed8980785cd24b10e1f4aba2758451fb2304668c1f7a7f2ae683c48815e19570d7aa2241f906e7388d2946eb125e934677a1da4f76cd86

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
b00cf635401b1db5309ff2d45e820023

SHA1
ed39566f4887e146a01f422506e54e7e5f227e3b

SHA256
2c846218908ee1be47bba7d3370e30133c5ec67411a16cdc576e97c46a1d69fd

SHA512
2b40eb95f0237f4db9f5a95dfa1c05318e9e0a6be8ddb68983a3129d71c1043b40c8cc4faa38cc8aaea618de978c3d93db6c8466139997efbe07fc7bbf3f59aa

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
Filesize
20KB

MD5
87a46f4c4113a8dff979d5a7289ba27b

SHA1
a3a8fef34847ef6532a7ef898d5befc95dfa4570

SHA256
36e5b739059b5f1341967b6fbd00ca5b390b3abb40e0cbfcecd92cae7d696052

SHA512
8125d21e3a9cbc77cb04b64cd1a0e7ec13adafc0b417ae31b3d8ad257f5cc5b5064633b2dde8607a19b53ae279ed8a4e0fe1afc34fc3ce3256af4d39c6b3ad86

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
Filesize
20KB

MD5
a0a548793a510f9caed081689f935eeb

SHA1
2d1aad0213b2b86bfe52dd2485741fb00eb02f3a

SHA256
4564ec31a51694e8349f462d5ada137b3f37b7c42515a7fe34ea8ef33b5063c5

SHA512
624204c5e505d3f2822a9761109babe81079ce8552551f23b7315baa171ef7881e5b5c4eab607a53b9bf080be6cb3100ff8cedf4cc86fa6218cd18301fcdc367

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
Filesize
20KB

MD5
43c6f5b25a8aeb3c6e3c317aa6278519

SHA1
462eae86037c1c663e50752c1f2d81a3fcb41c30

SHA256
f07f531329c7e373683d5e9bf6a11d7f7da17ed792e438bd43d2286b783903ba

SHA512
4b78468efb5a1235517c55aee41744b00e80efe85b7502919f8a83bd25546f13e9348135638994e49fa5415578c05fe7852ef673f9b0be50dc91557dd2057909

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
Filesize
20KB

MD5
51fbb8ddc25ddbff6f68ab248cde13c5

SHA1
29bf1f62990db50074c1b31694749caf79051870

SHA256
6d99bbe40b24127f7709355d6798b9f81bd7e1022e5c89ff2d4e303126a0a680

SHA512
e12b9e13282965ce0062294ece9dbb74deab8123c6a81c3ec7a1dcf6b018f4feeef016ca2906243c18e92c23cbd08bd88ff354155cad55182768ed745e24aac8

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
414b431a5e001e492277301f2cc17958

SHA1
9632b58030e1fb422bf521aedfe009a0ca184299

SHA256
4d29f80cda4d070a7d80da767761cb14c40289fe4724f691293433aa303df1b1

SHA512
98f24b31140aa31b7bfb67c87ea1b05ee2a2f03cd4b2f99e1ff98a19102551cd2879339184fc0791c92676bd86964ab959d77d9a298782fd54cc9483d0a318e3

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
a484a6bf72db244d4d4f167819971ef1

SHA1
9265c37dd0d727d8cf299a2f0c3aac80fba63486

SHA256
6338e025ad7c4880c0ffe67cbccdc86837f90dd0f7b28f76612fa60d9e96243c

SHA512
e9a7f2ee190d264c38810b78787b6acd72c3c99a03b667f025edae753e9cb6cd33b14a2db7f41b300c96afb495b4a062fed510875cdb2f10fef452abcfe8642d

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
Filesize
20KB

MD5
7ff08e8fbb99302ef3ad9f1125725aea

SHA1
0bde2d68317f60599dda5a95a992a5204fc81b39

SHA256
5352338af320690bac601e68fd1d212b412f4871a69501da5f306bd41a482a05

SHA512
b496e658d4d282554437af65264fa6e8c6aee847f96043fba53c397d76d7e198920c52a225481a055dcb950c0ebe9c4010072ff94d6bf2127081ad8239b303ec

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
Filesize
44KB

MD5
6aa627184a45be0c9ee19e92efc51888

SHA1
5960a0852639c3835cdac282e205c228680deb47

SHA256
e8020f59fd1d9872cc8bc10b01004fe02b7dd0095641f40967e536c422096d48

SHA512
309bd80ebcce09178259d73db847f313bab07f610ebbba5092d4df92ec85459eae8f862297803eaac4dbef8850265f82bfdca49e52f45b201c482e7c401a98e8

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
736a5ac52fb09370f56b0148ec8200d6

SHA1
b73e5ede7cf2e85ef6cc55aa42af0a171a557525

SHA256
141d3e387d375f33627ad6915596fd5c65b5dc444cac0a6ffa0b123a890eedc5

SHA512
af555b79ea60ade25a0244670ed557be27ba1dae8aba5fe327d0bc1db5b328f604da82655cc6de76562361c2b84d6b189b292e36377529c4123a5b4faaacfe48

Download Submit
/data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
b8fba084ee2695fb44238b666c955cb3

SHA1
e26b141a4c984a8646aa3903993beece48e2b0a3

SHA256
21dfd09577cf5a927810d568a68d95d6f8f3a5c21d6529eb68e49e3ec710561f

SHA512
36530fe6ad7e66d2ec42119ad9f4345efc63fce28f324e1e84cb8a813e9fa5cc8f83f2c58bfd88761fa9bcef99cf03ff9e007fa938188a1a5baa4865c01556b9

Download Submit